debian-edu-config_1.443~svn65949_i386.changes ACCEPTED
Accepted: debian-edu-config_1.443~svn65949.dsc to pool/local/d/debian-edu-config/debian-edu-config_1.443~svn65949.dsc debian-edu-config_1.443~svn65949.tar.gz to pool/local/d/debian-edu-config/debian-edu-config_1.443~svn65949.tar.gz debian-edu-config_1.443~svn65949_all.deb to pool/local/d/debian-edu-config/debian-edu-config_1.443~svn65949_all.deb Override entries for your package: debian-edu-config_1.443~svn65949.dsc - extra local/misc debian-edu-config_1.443~svn65949_all.deb - extra local/misc Announcing to comm...@skolelinux.org Thank you for your contribution to Debian-Edu/Skolelinux archive. -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1ow2q1-0006q8...@administrator.skolelinux.no
Mike Genkin invites you to use Boxbe
I'd like to share approved contacts with you on Boxbe Here's the link: https://www.boxbe.com/register?tc=3568601655_1469663455 -Mike This message was sent at the request of genkstar...@yahoo.com. If you want to opt-out of invitations from Boxbe members, use this link: https://www.boxbe.com/unsubscribe?email=debian-...@lists.debian.orgtc=3568601655_1469663455 Boxbe, Inc. | 2390 Chestnut Street #201 | San Francisco, CA 94123
debian-edu-config_1.443~svn65960_i386.changes ACCEPTED
Accepted: debian-edu-config_1.443~svn65960.dsc to pool/local/d/debian-edu-config/debian-edu-config_1.443~svn65960.dsc debian-edu-config_1.443~svn65960.tar.gz to pool/local/d/debian-edu-config/debian-edu-config_1.443~svn65960.tar.gz debian-edu-config_1.443~svn65960_all.deb to pool/local/d/debian-edu-config/debian-edu-config_1.443~svn65960_all.deb Override entries for your package: debian-edu-config_1.443~svn65960.dsc - extra local/misc debian-edu-config_1.443~svn65960_all.deb - extra local/misc Announcing to comm...@skolelinux.org Thank you for your contribution to Debian-Edu/Skolelinux archive. -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1ow6lm-0008nj...@administrator.skolelinux.no
Re: Linux signpost?
Hi Philipp, On Tue, Jun 22, 2010 at 2:15 PM, Philipp Huebner debala...@debian.orgwrote: [text removed] In this matter I would like to know how uptodate http://www.skolelinux.no/linux-signpost/ is. I am not familiar with that site, those who are, please tell me. Some of the static content is a bit outdated, but the dynamic content of the software has been exported from the debian package system and is quite up to date. When I get time to do so I will put most of the static content into a wiki. I hope this was a good enough answer to your question, please let me know if you require any further questions or comments. BR Arnt Ove Gregersen
Re: Linux signpost?
[Arnt Ove Gregersen] Some of the static content is a bit outdated, but the dynamic content of the software has been exported from the debian package system and is quite up to date. Is there something wrong with the site at the moment? I clicked down a bit and ended up on URL:http://www.skolelinux.no/linux-signpost/showSpisekartet.php?slid=1tid=10locale=nb_NOadmin=0tsid=34, which give me errors like this: Warning: include(sd_showLinkOrSKComment.php) [function.include]: failed to open stream: No such file or directory in /org/www.skolelinux.no/htdocs/linux-signpost/templates/sd_showDetails.php on line 36 Warning: include() [function.include]: Failed opening 'sd_showLinkOrSKComment.php' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /org/www.skolelinux.no/htdocs/linux-signpost/templates/sd_showDetails.php on line 36Beskrivelse: Happy hacking, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100706214813.gn30...@login1.uio.no
Re: Kerberos on diskless clients
ti, 2010-06-15 kello 13:44 +0200, John S. Skogtvedt kirjoitti: Den 15. juni 2010 12:51, skrev Jonas Smedegaard: On Tue, Jun 15, 2010 at 12:02:57PM +0200, John S. Skogtvedt wrote: With /skole/tjener/home0, the problem is that the machine itself needs a $hostname/nfs principal with corresponding secret key. It's not enough that the user can authenticate to Kerberos. Oh. I was unaware that the machine needed a separate key for NFS. Problem, yes! What exactly do a $host/nfs key grant access to? The whole partition, encrypted by user keys, or the whole partition, unencrypted? I'm not a Kerberos/NFSv4 expert, but AFAIK it's a ticket-granting ticket (TGT) which firstly gives the machine read-only access to the entire exported filesystem, and secondly allows the machine to grant a RW ticket to the user. Kerberos is used to authenticate writes, and optionally for encryption as well. Would AFS perhaps provide a key structure better suited for this? My question here is _only_ about the key structure - AFS might have other limitations making it unsuitable, but the act of comparing key handling might help understand possible/sane approaches. Ideally we would use a filesystem requiring only user key to authenticate. Hmm - would it perhaps be possible (while still secure) to create and permiy a $user/nfs keypair acting as host key for .../home* mount points? Hi, I've been dealing with these same issues recently and after testing it looks like machine credentials are not needed to get diskless clients working with kerberos. What I have understood is that with NFSv4 the machine credentials are used for the initial mount + root access. For the initial mount credentials any credentials are actually ok and if rpc.gssd is run with -n option, it uses existing credentials for the mount. When using sec=krb5 access to users' home directories on the mounted directory then requires valid credentials for the user. I haven't really tested the root access part here as I have always used root_squash on all the exports. Using user's credentials instead of a keytab means of course that the mount works only as long as the credentials are valid. man rpc.gssd -n By default, rpc.gssd treats accesses by the user with UID 0 spe‐ cially, and uses machine credentials for all accesses by that user which require Kerberos authentication. With the -n option, machine credentials will not be used for accesses by UID 0. Instead, credentials must be obtained manually like all other users. Use of this option means that root must manually obtain Kerberos credentials before attempting to mount an nfs filesystem requiring Kerberos authentication. Veli-Matti -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1278456218.3993.30.ca...@punajuuri.liitu.vm.opinsys.fi